Compliance Blog

Nov 04, 2013

NCUA Report: Protecting Members from Holiday Fraudsters; NAFCU's 2014 Technology and Security Conference

Written by Bernadette Clair, Regulatory Compliance Counsel

Recently, my colleague Tessema Tefferi blogged about the importance of cybersecurity awareness, providing links to many useful resources credit unions can use to manage cybersecurity risks. Although credit unions’ websites and computer systems are the main target of attacks such as Distributed Denial-of-Service (DDoS) attacks, it’s important to remember that fraudsters often target members directly, attempting to steal personal information through identity theft scams, social engineering, and computer malware, to name just a few methods. Educating members about information security and how they can protect their personal information is one tool credit unions can use to help mitigate some of the cybersecurity risks.

Along these lines, NCUA’s October 2013 Report that we blogged about last week, includes an article on Protecting Members from Holiday Fraudsters, just in time for the start of the holiday shopping season. The article encourages credit unions to educate members about how they can protect themselves against fraud, and provides strategies members can use to detect and avoid falling victim to fraud and identity theft. From the article:

“Review Credit Reports at Least Once a Year. This will help your members ensure fraudulent accounts have not been opened using their personal information. Additionally, the Fair Credit Reporting Act entitles consumers to a free credit report once a year from each of the three nationwide credit reporting agencies. Members can receive their report by contacting the credit reporting agencies directly or by visiting

Monitor Financial Statements and Online Banking Regularly. Members should get into the routine of checking their statements and periodically reviewing their account transactions and online activities. This will help members identify unauthorized account activities early, preventing potential losses to their personal accounts and negative impact to your credit union’s reputation.

Ensure Children Understand What Information to Provide Online. Fraudsters will often use a game or a free offer that will request personal information, or will include spyware to track and steal information from a member’s computer or mobile device. Members can protect themselves by encouraging their children to limit online contact to friends they actually know, setting privacy controls to restrict access to private information, and enabling parental controls that allow access to only trusted sites. Members should also talk to their children about not giving out their name, address, date of birth, or any other personal information online without talking to a parent first.

Beware of Downloading Sneaky Apps. Smartphone or social networking applications may provide application developers with access to your members’ personal information, such as their messages, contacts, emails and photos. Often, this information isn’t related to the application’s purpose. Instead developers may share member’s information with marketers or other third parties. Members should read the privacy policy of each application before downloading to understand what private information they are sharing.

Shred Documents with Personal and Financial Information. Financial statements, credit card offers and billing statements are examples of documents members should be shredding. Consider hosting a shred day at your credit union so members can safely discard their personal and financial records.

Look Out for Scams Involving Social Engineering. Fraudsters may impersonate a credit union (or other legitimate organizations) to trick members into giving out personal account information. This social engineering tactic is often utilized as part of an elaborate scheme involving phone calls, emails, text messages and other forms of communication. Remind members to never reply to unsolicited telephone, email, text or pop-up messages asking for personal account information. Members should understand legitimate organizations never ask for sensitive information over unsecured communication channels. Also, educate members on what policies and procedures your credit union follows when requesting sensitive information.”


NAFCU's 2014 Technology and Security Conference. Speaking of cybersecurity, NAFCU’s 2014 Technology and Security Conference, which will be held February 11-13 in Las Vegas, is a great place to discover the latest credit union security and technology trends. Conference topics include fraud trends, core processing issues, big data and credit union crisis management. Registration discounts are in effect until Nov. 15th. Check out more information about the conference and register here.